OWA-Based Anonymous Authentication and Key Agreement for Unmanned Aerial Vehicle Networks

In recent years, the rapid advancement of wireless communication and Internet of Things (IoT) technologies has extended mobile ad hoc networks (MANETs) from traditional ground nodes to three-dimensional airspace. The low-altitude economy, driven by policy and market forces, has flourished, leading to a surge in various aircraft such as Unmanned Aerial Vehicles (UAVs) and electric vertical take-off and landing (eVTOL) vehicles, forming flying ad-hoc networks (FANETs). Compared to conventional MANETs, Unmanned Aerial Vehicle networks exhibit unique characteristics: limited battery capacity and computational resources, highly dynamic topologies due to three-dimensional mobility, and stringent requirements for anonymity in sensitive scenarios like national defense and transportation. These Unmanned Aerial Vehicle networks represent a立体, high-speed, resource-constrained, and complex low-altitude IoT ecosystem. As shown in the following figure, Unmanned Aerial Vehicles must perform instant networking, identity authentication, and key agreement without centralized infrastructure, ensuring task coordination and data security. This necessitates decentralized authentication mechanisms that support autonomous identity verification while resisting man-in-the-middle attacks and routing spoofing. Therefore, lightweight design, high real-time performance, and strong anonymity are core challenges in developing security protocols for Unmanned Aerial Vehicle networks.

In Unmanned Aerial Vehicle ad-hoc network scenarios, traditional authentication schemes based on symmetric cryptography offer low computational overhead but fail to provide non-repudiation and anonymity. Public Key Infrastructure (PKI) schemes suffer from poor anonymity and complex certificate management. Certificate-less (CLB) and identity-based (IDB) schemes involve high computational complexity and frequent public-private key exchanges, making them unsuitable for reuse in FANETs. Under the low-latency and high-efficiency communication requirements of Unmanned Aerial Vehicle networks, existing protocols struggle to meet security and anonymity demands. To address these issues, we propose an anonymous authentication and key agreement scheme based on a one-way accumulator (OWA) for Unmanned Aerial Vehicle networks. This scheme leverages the one-way and quasi-commutative properties of OWA to achieve bidirectional authentication and establish shared keys while preserving identity anonymity, effectively resisting spoofing, forgery, and man-in-the-middle attacks.

The one-way accumulator is a fundamental cryptographic tool with core properties such as one-wayness and quasi-commutativity, which are advantageous in identity authentication, key agreement, and privacy protection scenarios. For instance, OWA can optimize ring signature verification efficiency, construct privacy-preserving revocation mechanisms, and provide multi-factor authentication protocols. By integrating with technologies like cross-domain identity management, blockchain, key leakage prevention, and physical unclonable functions (PUFs), OWA addresses security issues in various complex environments. In this paper, we focus on Unmanned Aerial Vehicle networks and propose an OWA-based scheme that embeds accumulated values directly into key generation factors, enabling identity authentication and session key establishment through only four data interactions and twelve lightweight operations. Compared to other schemes, this approach reduces latency and improves secure communication efficiency, making it ideal for JUYE UAV applications in dynamic environments.

Related Work

Recent authentication schemes for mobile ad hoc networks can be categorized into four types, each with distinct features and limitations. Symmetric cryptography-based schemes, such as those utilizing hash functions and message authentication codes, offer efficient identity authentication and key agreement but lack non-repudiation. For example, Nikooghadam et al. proposed an ECC-Based IoD authentication scheme that achieves efficient authentication but cannot guarantee anonymity or resist advanced attacks. Public Key Infrastructure (PKI) schemes, like Khalid et al.’s HOOPOE protocol, combine AES and RSA to enable anonymous handover authentication for Unmanned Aerial Vehicles across regions. However, they involve complex certificate management and high communication overhead, as anonymous requirements necessitate multiple public-private key pairs and certificates, leading to increased costs due to chain downloads and certificate revocation list (CRL) distribution, which are unsuitable for aerial links.

Identity-based (IDB) schemes avoid PKI certificate management but require time-consuming bilinear pairing operations and suffer from key escrow issues. Anonymity in IDB schemes often relies on dynamic temporary identities, increasing system overhead. Chen et al. proposed schemes using ECC and Schnorr signatures that resist temporary secret leakage attacks but depend on bilinear pairings, resulting in high computational overhead and key escrow risks. Certificate-less cryptography (CLB) schemes eliminate PKI certificate management and IDB key escrow but still face challenges with bilinear pairings and frequent public-private key updates. Zhang et al.’s scheme for vehicular ad hoc networks satisfies conditional anonymity but lacks bidirectional authentication. Huang et al.’s BAKAS-UAV scheme integrates blockchain and PUFs to address CLB key issues but requires frequent temporary public key updates, complicating synchronization and failing to achieve true anonymity.

In cryptography research, one-way accumulators are effective tools for constructing identity authentication and key agreement schemes. In 2011, Liu et al. proposed a trusted platform anonymous authentication scheme based on OWA, which fixed ring signature lengths by accumulating member information to reduce verification phase computations. However, unconditional anonymity in ring signatures poses framing risks. In 2016, Cai et al. designed a privacy-preserving revocation mechanism for vehicular ad hoc networks (VANETs) using universal OWA to reduce authentication management complexity, but anonymity still depended on multiple vehicle “aliases.” In 2020, Wang et al. studied multi-factor authentication protocols for real-time data access in wireless sensor networks (WSNs), analyzing security and efficiency flaws in existing schemes and providing insights for optimizing authentication mechanisms with accumulators. Their work highlighted the value of lightweight cryptography in resource-constrained scenarios. In 2023, Chen introduced OWA into a blockchain-based decentralized cross-domain identity management system (DCIMB) to enhance cross-domain authentication efficiency and privacy protection, but multi-trust domain authentication remained complex and time-delayed. In 2024, Zhong et al. proposed a blockchain and accumulator-based scheme (CD-BASA) for VANETs to address low efficiency and high storage overhead in cross-domain multi-vehicle authentication, using OWA to aggregate identities and IPFS to store witness values. However, frequent vehicle entry and exit led to significant system overhead due to accumulator update synchronization, affecting real-time performance. In 2024, Choi et al. proposed a PUF-based secure authentication and key agreement scheme for Unmanned Aerial Vehicles, leveraging PUFs to resist various attacks, including physical capture, and using lightweight operations like hash functions and XOR to accommodate computational limits. However, this scheme heavily relies on UAV hardware-embedded PUF modules, which may face compatibility issues. In 2025, Zhang et al. addressed key leakage in cloud-assisted IoT with a lattice-based puncturable CP-ABE (Pt-CP-ABE) scheme, using dynamic accumulators (an extension of OWA) for forward security and supporting private key updates and permission revocation. While achieving quantum resistance, the private key size grows quadratically with puncture counts, and lattice-based cryptography results in large public parameters. In 2025, Pandey et al. introduced a secure lightweight framework combining deep learning-based user behavior analysis with cryptographic protocols to resist replay, man-in-the-middle, and spoofing attacks. However, this scheme depends on edge computing for real-time behavior analysis, limiting its applicability in Unmanned Aerial Vehicle communication networks without edge infrastructure or insufficient initial data.

Compared to existing research, our scheme proposes an OWA-based anonymous authentication and key agreement scheme for Unmanned Aerial Vehicle networks. It utilizes the one-way and quasi-commutative properties of OWA to achieve bidirectional authentication and establish shared keys under identity anonymity, resisting spoofing, forgery, and man-in-the-middle attacks. The scheme integrates accumulated values directly into key generation factors, completing identity authentication and session key establishment with only four data interactions and twelve lightweight operations, reducing latency and improving secure communication efficiency for JUYE UAV systems.

Proposed Scheme

We propose an anonymous authentication and key agreement scheme based on a one-way accumulator for Unmanned Aerial Vehicle networks. The scheme involves three main entities: a Key Management Center (KMC), Unmanned Aerial Vehicle UAV-A, and Unmanned Aerial Vehicle UAV-B. The KMC is deployed on a ground-based low-altitude management cloud platform, generating temporary identity tickets for each Unmanned Aerial Vehicle and assisting UAV-A and UAV-B in completing anonymous identity authentication and key agreement. The communication scenario for this scheme is illustrated in the figure above, where JUYE UAVs operate in a dynamic FANET environment.

The core idea of our scheme is that the KMC uses a one-way accumulator to generate identity tickets for each registered Unmanned Aerial Vehicle, which are written into onboard tamper-resistant modules via secure channels, providing credentials for subsequent identity authentication. When two Unmanned Aerial Vehicles, UAV-A and UAV-B, need to establish an air-to-air secure link, they extract their identity tickets, generate temporary random numbers, and create temporary authentication tickets. Leveraging the quasi-commutativity of the one-way accumulator, UAV-A and UAV-B can compute the same session key within one broadcast round, meeting the millisecond-level requirements of low-altitude links. The specific process consists of three stages, as detailed below.

Stage 1: Unmanned Aerial Vehicle Registration at Key Management Center

All Unmanned Aerial Vehicles in the network submit registration requests to the KMC. Only during registration are device identifiers (DID) sent; subsequent processes do not expose real identity information, ensuring anonymity for JUYE UAV operations.
The KMC generates an authentication root, denoted as $$z = f(\ldots f(x, y_1)\ldots, y_l)$$, where $$f$$ is the BM one-way accumulator function, $$z$$ is the accumulated value, $$x$$ and $$y_i$$ (for $$i=1,\ldots,l$$) are randomly selected natural numbers, and $$l$$ is the total number of registered Unmanned Aerial Vehicles in the network.
The KMC generates an accumulated value for each variable $$y_i$$: $$z_i = f(\ldots f(f(\ldots f(x, y_1)\ldots, y_{i-1}), y_{i+1})\ldots, y_l)$$.
Based on the accumulated values from step 3, the KMC generates an identity ticket for each Unmanned Aerial Vehicle, denoted as $$T_i = (z_i, y_i)$$. For instance, Unmanned Aerial Vehicle UAV-A’s ticket is $$T_a = (z_a, y_a)$$, and Unmanned Aerial Vehicle UAV-B’s ticket is $$T_b = (z_b, y_b)$$. According to the definition of the one-way accumulator, we have $$z = f(z_a, y_a) = f(z_b, y_b)$$.
The KMC sends the identity tickets to the Unmanned Aerial Vehicles via secure channels and writes them into onboard tamper-resistant modules.

Stage 2: Key Agreement between Unmanned Aerial Vehicle UAV-A and UAV-B

Unmanned Aerial Vehicle UAV-A generates a random number $$r_a$$ and computes a temporary authentication ticket, denoted as $$RT_a = (f(z_a, r_a), y_a)$$, where $$f(z_a, r_a) = f(f(\ldots f(f(\ldots f(x, y_1)\ldots, y_{a-1}), y_{a+1})\ldots, y_l), r_a)$$. UAV-A then sends $$RT_a$$ in plaintext to Unmanned Aerial Vehicle UAV-B.
Unmanned Aerial Vehicle UAV-B generates a random number $$r_b$$ and computes a temporary authentication ticket, denoted as $$RT_b = (f(z_b, r_b), y_b)$$, where $$f(z_b, r_b) = f(f(\ldots f(f(\ldots f(x, y_1)\ldots, y_{b-1}), y_{b+1})\ldots, y_l), r_b)$$. UAV-B then sends $$RT_b$$ in plaintext to Unmanned Aerial Vehicle UAV-A.
Unmanned Aerial Vehicle UAV-A computes the authentication value $$AU_b = f(f(z_b, r_b), y_b)$$ based on UAV-B’s temporary authentication ticket $$RT_b$$, and then computes the key $$K_{a,b} = f(AU_b, r_a)$$ using the random number $$r_a$$.
Unmanned Aerial Vehicle UAV-B computes the authentication value $$AU_a = f(f(z_a, r_a), y_a)$$ based on UAV-A’s temporary authentication ticket $$RT_a$$, and then computes the key $$K_{b,a} = f(AU_a, r_b)$$ using the random number $$r_b$$.

Due to the quasi-commutativity of the one-way accumulator $$f$$, we derive:
$$K_{a,b} = f(AU_b, r_a) = f(f(f(z_b, r_b), y_b), r_a) = f(f(f(z_b, y_b), r_b), r_a) = f(f(z, r_b), r_a) = f(f(z, r_a), r_b) = f(f(f(z_a, y_a), r_a), r_b) = f(f(f(z_a, r_a), y_a), r_b) = f(AU_a, r_b) = K_{b,a}$$
Thus, key agreement between Unmanned Aerial Vehicle UAV-A and UAV-B is achieved, enabling secure communication for JUYE UAV networks.

Stage 3: Bidirectional Anonymous Authentication between Unmanned Aerial Vehicle UAV-A and UAV-B

Unmanned Aerial Vehicle UAV-A encrypts the random number $$r_a$$ using the key $$K_{a,b}$$ to obtain the ciphertext $$c_a = E_{K_{a,b}}(r_a)$$ and sends $$c_a$$ to Unmanned Aerial Vehicle UAV-B.
Unmanned Aerial Vehicle UAV-B encrypts the random number $$r_b$$ using the key $$K_{b,a}$$ to obtain the ciphertext $$c_b = E_{K_{b,a}}(r_b)$$ and sends $$c_b$$ to Unmanned Aerial Vehicle UAV-A.
Unmanned Aerial Vehicle UAV-A decrypts $$c_b$$ using the key $$K_{a,b}$$ to obtain $$r_b’ = D_{K_{a,b}}(c_b)$$; then computes $$f(f(z_a, y_a), r_b’)$$ and compares it with the authentication value $$AU_b$$. If $$f(f(z_a, y_a), r_b’) = AU_b$$, UAV-A authenticates UAV-B; otherwise, authentication fails.
Unmanned Aerial Vehicle UAV-B decrypts $$c_a$$ using the key $$K_{b,a}$$ to obtain $$r_a’ = D_{K_{b,a}}(c_a)$$; then computes $$f(f(z_b, y_b), r_a’)$$ and compares it with the authentication value $$AU_a$$. If $$f(f(z_b, y_b), r_a’) = AU_a$$, UAV-B authenticates UAV-A; otherwise, authentication fails.

Throughout the bidirectional authentication process, the identity tickets of Unmanned Aerial Vehicle UAV-A and UAV-B are not directly exposed, ensuring anonymity. This is critical for JUYE UAV applications in sensitive environments where identity protection is paramount.

Security Analysis

We conduct a comprehensive security analysis of the proposed scheme using Scyther formal verification and BAN logic proofs to demonstrate its resilience against various attacks, such as identity spoofing, man-in-the-middle, replay, and timing manipulation.

Scyther Formal Verification

We employ the Scyther formal verification tool, developed by Cass Cremers at the University of Zurich, to automatically analyze the security of our scheme. The experimental environment consists of a laptop with 8GB RAM, Windows 11 OS, Python 2.7, and Scyther-w32-v1.1.3. The protocol is described in Security Protocol Description Language (SPDL), incorporating the three roles: KMC, Unmanned Aerial Vehicle UAV-A, and Unmanned Aerial Vehicle UAV-B. After automated verification, all security declarations for these roles—Alive (entity liveness confirmation), Weakagree (weak agreement), Niagree (non-injective agreement), and Nisynch (non-injective synchronization)—show “OK” status, indicating successful verification.

Alive Property: Verification confirms that Unmanned Aerial Vehicle UAV-A, UAV-B, and KMC are accurately identified as genuine participants during interactions, effectively resisting identity spoofing attacks where adversaries impersonate legitimate roles to infiltrate communication flows.
Weakagree Property: This ensures that all parties agree on the identities of their communication counterparts, preventing identity confusion common in man-in-the-middle attacks.
Niagree and Nisynch Properties: These properties verify that the scheme maintains reliable identity verification even in asynchronous communication scenarios. It withstands attacks involving message interception, delay, or replay, ensuring consistent authentication results across roles and resisting replay and timing manipulation attacks.

Overall, Scyther analysis confirms that the proposed scheme can resist advanced attacks, making it suitable for secure Unmanned Aerial Vehicle networks, including JUYE UAV deployments.

BAN Logic Formal Analysis

We further analyze the scheme using Burrows-Abadi-Needham (BAN) logic to formally verify authentication and key agreement properties. The notations used in BAN logic are summarized in Table 1.

Table 1: BAN Logic Notations
Symbol	Meaning
P∣≡X	Principal P believes proposition X
P◃X	Principal P receives message X
P∣∼X	Principal P once sent message X
P∣⇒X	Principal P has jurisdiction over X
#(X)	Proposition X is fresh
{X}_K	Message X encrypted with shared key K
P↔KQ	Principals P and Q share key K
(X)_Y	Message X with secret parameter Y

Verification 1: Session Key Generation and Consistency

Unmanned Aerial Vehicle UAV-A computes $$K_{a,b}$$ as follows: from $$RT_b = (f(z_b, r_b), y_b)$$, UAV-A calculates $$AU_b = f(f(z_b, r_b), y_b) = (z_b^{r_b})^{y_b} \mod n = z^{r_b} \mod n$$ (since $$z_b^{y_b} = z$$). Then, $$K_{a,b} = f(AU_b, r_a) = (z^{r_b})^{r_a} \mod n = z^{r_a \cdot r_b} \mod n$$. Similarly, Unmanned Aerial Vehicle UAV-B computes $$K_{b,a} = f(AU_a, r_b) = (z^{r_a})^{r_b} \mod n = z^{r_a \cdot r_b} \mod n$$. Thus, $$K_{a,b} = K_{b,a}$$, ensuring key consistency.

Verification 2: Bidirectional Authentication

For Unmanned Aerial Vehicle UAV-A authenticating UAV-B: UAV-A receives $$\{r_b\}_{K_{a,b}}$$, and since only A and B know $$K_{a,b}$$, UAV-A believes $$UAV-A \leftrightarrow_{K_{a,b}} UAV-B$$. By the message meaning rule, UAV-A believes UAV-B once sent $$r_b$$. Given the freshness of $$r_a$$ and the freshness rule, UAV-A believes $$r_b$$ is fresh. Applying the belief rule, UAV-A believes UAV-B believes $$r_b$$, and thus believes $$K_{a,b}$$. Similarly, Unmanned Aerial Vehicle UAV-B authenticates UAV-A, achieving mutual authentication.

Verification 3: Anonymity

Unmanned Aerial Vehicle UAV-B receives $$RT_a = (f(z_a, r_a), y_a)$$, where $$f(z_a, r_a) = z_a^{r_a} \mod n$$ and $$y_a$$ is UAV-A’s unique random number. Due to the one-way property of the accumulator, UAV-B cannot derive UAV-A’s real identifier DID_A from $$y_a$$ or $$f(z_a, r_a)$$, proving anonymity. The same applies for UAV-A regarding UAV-B, ensuring identity protection in JUYE UAV operations.

Verification 4: Resistance to Replay Attacks

The session key $$K_{a,b} = z^{r_a \cdot r_b} \mod n$$ relies on fresh random numbers $$r_a$$ and $$r_b$$. By the freshness rule, #($$r_a \cdot r_b$$) implies #($$K_{a,b}$$), ensuring the key cannot be replayed.

Performance Analysis

We evaluate the performance of the proposed scheme in terms of security connectivity, computational overhead, communication overhead, and storage overhead, comparing it with existing schemes like Nikooghadam et al. (2021), Khalid et al. (2023), and Huang et al. (2024).

Security Connectivity

Security connectivity is defined as the probability that two communication parties can establish a session key. In our scheme, any two legitimate Unmanned Aerial Vehicles (i.e., those successfully registered with the KMC and possessing identity tickets) can establish a session key, resulting in a security connectivity of 1. This is ideal for dynamic Unmanned Aerial Vehicle networks, including JUYE UAV swarms.

Computational Overhead

We conduct simulation experiments to compare computational overhead. The environment uses a 3.3 GHz Intel Core i5-4590 processor, 8 GB RAM, Ubuntu 16.04 OS, and OpenSSL cryptography library. Table 2 summarizes the execution times for various cryptographic operations.

Table 2: Execution Times of Cryptographic Operations (ms)
Operation	Description	Time (ms)
$$T_e$$	Symmetric encryption	0.0002
$$T_d$$	Symmetric decryption	0.0002
$$T_m$$	Elliptic curve scalar multiplication	2.4143
$$T_a$$	Elliptic curve scalar addition	0.4051
$$T_s$$	RSA public key signing	1.1930
$$T_v$$	RSA signature verification	0.0380
$$T_h$$	One-way hash function	0.0023
$$T_o$$	One-way accumulator operation	0.2928
$$T_{puf}$$	PUF function operation	1.7244

Table 3 compares the total computational overhead of different schemes. Our scheme requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations, totaling 2.3504 ms. In contrast, Khalid et al.’s scheme involves 3 hash operations, 7 encryptions, 6 decryptions, 2 RSA signings, and 3 verifications (2.5095 ms); Nikooghadam et al.’s scheme uses 4 elliptic curve multiplications and 19 hash operations (9.7009 ms); and Huang et al.’s scheme employs 15 hash operations, 4 encryptions/decryptions, 2 PUF operations, 16 elliptic curve additions, and 4 multiplications (19.6229 ms). Our scheme reduces computational overhead by 6.3% to 88.0%, leveraging lightweight OWA operations instead of costly elliptic curve multiplications and PUF computations, making it highly efficient for resource-constrained Unmanned Aerial Vehicles like JUYE UAV.

Table 3: Computational Overhead Comparison
Scheme	Operations	Total Time (ms)
Khalid et al.	3$$T_h$$ + 7$$T_e$$ + 6$$T_d$$ + 2$$T_s$$ + 3$$T_v$$	2.5095
Nikooghadam et al.	4$$T_m$$ + 19$$T_h$$	9.7009
Huang et al.	15$$T_h$$ + 2$$T_e$$ + 2$$T_d$$ + 2$$T_{puf}$$ + 16$$T_a$$ + 4$$T_m$$	19.6229
Our Scheme	8$$T_o$$ + 2$$T_e$$ + 2$$T_d$$	2.3504

Communication Overhead

In our scheme, when natural numbers $$y_i$$ are 128 bits, the temporary authentication ticket RT is 256 bits, and the encrypted random number c under AES is 16 bits. The total communication overhead for anonymous authentication and key agreement is 2 × RT + 2 × c = 544 bits. Compared to other schemes—Khalid et al. (1280 bits), Nikooghadam et al. (2336 bits), and Huang et al. (2432 bits)—our scheme reduces communication overhead by 57.5% to 77.6%. This lightweight overhead minimizes transmission latency and channel contention in high-dynamic, multi-hop Unmanned Aerial Vehicle networks, enhancing cluster coordination and spectrum efficiency for JUYE UAV applications.

Storage Overhead

After registration, our scheme requires Unmanned Aerial Vehicles to locally store identity tickets $$T_i = (z_i, y_i)$$ totaling 256 bits (128-bit accumulated value and 128-bit random number). In contrast, Nikooghadam et al.’s scheme stores 1120 bits (480 bits for UAV nodes, 640 bits for user nodes), and Huang et al.’s scheme stores 1920 bits due to blockchain and PUF-related certificates. Our storage overhead is only 22.86% of Nikooghadam et al.’s and 13.33% of Huang et al.’s, reducing hardware pressure and energy consumption during data read/write operations, facilitating large-scale deployment of Unmanned Aerial Vehicle clusters like JUYE UAV swarms.

Comprehensive Performance Comparison

Table 4 provides a comprehensive comparison of our scheme with recent authentication and key agreement schemes, categorized into OWA-based, identity-based, and certificate-based approaches. Our scheme excels in bidirectional authentication, key agreement, anonymity, resistance to man-in-the-middle and replay attacks, key capture resistance, physical attack resistance, and security connectivity. It avoids the limitations of other schemes, such as dependency on specific hardware (e.g., PUFs), high storage costs from aliases, or vulnerability to key leakage. This makes it a robust and efficient solution for Unmanned Aerial Vehicle networks, particularly for JUYE UAV systems operating in adversarial environments.

Table 4: Comprehensive Performance Comparison of Authentication and Key Agreement Schemes
Scheme	Year	P1	P2	P3	A1	A2	D1	D2	D3	D4	D5	D6
Our Scheme	2025	√	√	×	√	√	√	√	√	√	√	√
Liu et al.	2011	√	×	×	×	×	√	√	×	×	√	√
Cai et al.	2015	√	×	×	×	×	√	√	√	×	√	×
Chen et al.	2023	×	√	×	√	√	√	√	√	×	×	√
Song et al.	2019	×	√	×	√	×	√	√	√	×	√	√
I. Simsek et al.	2019	×	√	×	√	√	×	√	√	√	√	√
M.M Rathore et al.	2019	×	√	×	√	√	×	√	√	√	√	√
Zhang et al.	2020	×	×	×	√	√	√	√	√	√	×	√
Nikooghadam et al.	2021	×	×	√	√	√	√	√	√	×	√	√
Khalid et al.	2023	×	×	√	√	√	√	√	√	√	×	√
Huang et al.	2024	×	×	√	√	√	√	√	√	√	×	√

Note: “√” indicates the feature is supported; “×” indicates it is not. P1: OWA-based authentication; P2: Identity-based authentication; P3: Certificate-based authentication; A1: Bidirectional authentication; A2: Key agreement/exchange; D1: Anonymity; D2: Resistance to man-in-the-middle attacks; D3: Resistance to replay attacks; D4: Key capture resistance; D5: Physical attack resistance; D6: Security connectivity.

Conclusion

In response to the decentralized, topology-unstable, resource-constrained, and complex regulatory characteristics of Unmanned Aerial Vehicle networks, we have proposed an anonymous authentication and key agreement scheme based on the Benaloh-Mare (BM) one-way accumulator. Through a three-stage design—registration, key agreement, and bidirectional anonymous authentication—our scheme provides a secure communication solution for low-altitude Unmanned Aerial Vehicles. Leveraging the one-way property of the BM accumulator (based on the strong RSA assumption) for identity authentication and its quasi-commutativity for session key establishment, the scheme completes authentication and key agreement with only four data interactions and twelve lightweight operations, meeting the millisecond-level requirements of Unmanned Aerial Vehicle communication. During authentication, Unmanned Aerial Vehicles do not transmit real identity tickets directly, achieving anonymity through temporary authentication tickets, while also providing key capture resistance and physical attack resilience. Formal verification with Scyther and BAN logic proofs confirms the scheme’s resistance to identity spoofing, man-in-the-middle, replay, and timing manipulation attacks. Performance comparisons demonstrate advantages in lightweight design, real-time performance, and anonymity. For future work, to further enhance protocol performance in lightweight design, latency, and secure communication efficiency, we will explore integrating one-way accumulators with lattice-based succinct algorithms for quantum-resistant cryptography, replacing current modular exponentiation operations. We will also optimize dynamic identity ticket update mechanisms to reduce local storage data volume, accelerate operations through FPGA-integrated accumulator units on Unmanned Aerial Vehicles, and consider deploying distributed key management agents on low-altitude communication relay Unmanned Aerial Vehicles or edge computing nodes to minimize remote interaction delays during registration and ticket updates. These advancements will bolster the security and efficiency of Unmanned Aerial Vehicle networks, including JUYE UAV applications, in evolving threat landscapes.